Understanding Guest Accounts & Wireless Network Options
TNS is moving towards the goal of logically placing all guest users, when connected to our network,
outside of the campus firewall. This will reduce security risks to the campus network without restricting
guest user experience (other than a cap on bandwidth). At this time, we are only rolling this feature out
for users of the secure wireless network.
Under the current (non-secure) system, guest accounts are treated in the same way as student
accounts, allowing access to interdisciplinary computing labs, the HSUWireless network, and other
network resources. The only change is the introduction of a second wireless network option –
HSUWireless-Secure.
This document describes the options available to you as a guest account administrator, so that you can
grant the appropriate level of access to guest accounts as determined by your department’s
requirements.
Guest account requirements
In order to provide appropriate access, you first need to understand what the guest user will need to do
with his/her network connection. Two types of guest account are available – regular and trusted.
Regular accounts are designed to provide Internet access on campus for visiting parents and conference
attendees - people who have no need to access internal campus network resources. Trusted guest
accounts provide access levels similar to those provided for staff and faculty; these accounts are
intended for short-term IT consultants, visiting faculty, and administrators from other CSU campuses.
There are three options for guest accounts:
•
Regular guest account
o Option 1 - Using HSUWireless.
Guest can access the web, check webmail, etc, but must authenticate on the network
and install a policy key to prevent the introduction of vulnerabilities into our network.
TCP/UDP port filtering is enabled, so guests may find some applications are inaccessible.
o
•
Option 2 - Using HSUWireless-Secure
The preferred option for regular guest accounts. Guest is not required to install a policy
key and TCP/UDP port filtering is not enabled. Almost all applications will work, but
speed is capped at 2Mbps, and guests will have to sign the Acceptable Use Policy.
Guests may not access campus resources unless firewall rules are specifically configured
to allow it.
Trusted guest account
o Option 3 - HSUWireless-Secure
Guests have similar access privileges as staff and faculty, with full access to file-shares,
printers, etc, on campus. Guests must authenticate on the network and install a policy
key to prevent the introduction of vulnerabilities into our network. TCP/UDP port
filtering is not enabled.
Important Note:
Guests using Option 3 will have an IP address in the 137.150.186.0/24 subnet.
Creating a Regular Guest Account in Account Center
1. Log in to Account Center using your HSU User Name and Password.
2. Click on the Admin Tools Tab
3. Click on the Request/Manage Guest Accounts link
4. Enter the Guest’s name into the Enter New Account user’s Name box and click Request New Account
5. The guest’s User Name and Password will be displayed at the top of the screen. You can now provide
this information to your Guest User.
Creating a Trusted Guest Account in Account Center
1. Log in to Account Center using your HSU User Name and Password.
2. Click on the Admin Tools Tab
3. Click on the Request/Manage Guest Accounts Link
4. Enter the Guest’s name into the Enter New Account user’s Name box, check the VPN & Secure
Wireless access box, and click Request New Account
5. The guest’s User Name and Password will be displayed at the top of the screen. You can now provide
this information to your Guest User.
IMPORTANT NOTE:
To manually add a username that you’ve created as a trusted guest account, you will need to also
manually add the username to the vpn-guest group in Active Directory.